<h2>Admin &raquo; Manage Users</h2>
<?php

$act = '';
if (isset($_GET['act']))
	$act = $_GET['act'];

if (!check_permission('admin', 0))
	$act = 'deny';

////////////////////////////////////////////////////////////////////////// ADD
if ($act == 'add')
{
?>
<h3>Add new user</h3>
<form method="post" action="?s=users&act=confirmadd">
	<p>
		Please provide the information asked in order to create a new user. 
		All fields are required.
	</p>
	<table>
		<tr>
			<td style="width: 128px;">User group: <br /><small>(when you need to create a new group, please <a href="?s=groups&act=add">do that first</a>)</small></td>
			<td style="vertical-align: top;">
				<select size="1" name="newusergroupid">
<?php
	$groupsresult = mysql_query('SELECT id, name, type FROM dcms_usergroups');
	$isfirst = true;
	while ($grouprow = mysql_fetch_array($groupsresult))
	{
		$selected = ($isfirst ? ' selected="selected"' : '');
		if ($isfirst) $isfirst = false;
		echo "\t\t\t\t<option value=\"$grouprow[id]\"$selected>$grouprow[name] ($grouprow[type])</option>\n";
	}
?>
				</select>
			</td>
		</tr>
		<tr><td>Username:</td><td><input type="text" size="16" name="newusername" /></td></tr>
		<tr><td>Password:</td><td><input type="password" size="16" name="newpassword" /></td></tr>
		<tr><td>Confirm password:</td><td><input type="password" size="16" name="newpassword2" /></td></tr>
		<tr><td>Real name:</td><td><input type="text" size="30" name="newrealname" /></td></tr>
		<tr><td>E-mail address:</td><td><input type="text" name="newemail" /></td></tr>
		<tr><td>&nbsp;</td><td>
			<input type="button" value="Cancel" onclick="window.location='?s=users';" />
			<input type="submit" value="Add" />
		</td>
	</table>
</form>
<?php 
}
////////////////////////////////////////////////////////////////// CONFIRM ADD
else if ($act == "confirmadd")
{
	$usergroupid = addslashes($_POST['newusergroupid']);
	$username = addslashes($_POST['newusername']);
	$password = md5($_POST['newpassword']);
	$password2 = md5($_POST['newpassword2']);
	$realname = addslashes($_POST['newrealname']);
	$email = addslashes($_POST['newemail']);
	$error = '';
	if (ereg('[^A-Za-z0-9]', $username)) $error = 'Username must be alpha-numeric.';
	if (strlen($username) > 16) $error = 'Username must be 16 or less characters long.';
	if ($password != $password2) $error = 'The two passwords given are not the same.';
	if ($username == '' || $password == '' || $realname == '' || $email == '') $error = 'Please fill in all the fields.';
	
	$insertsql = 	'INSERT INTO dcms_users (username, password, realname, email, usergroupid) VALUES ' .
					"('$username','$password','$realname','$email','$usergroupid')";
	if ($error == '')
	{
		if (!mysql_query($insertsql)) $error = 'A database error occurred.';
	}
	if ($error == '')
	{
		echo "<p style=\"color: #090;\">User <strong>$username</strong> successfully added!</p>";
		?>
		<script type="text/javascript">
			window.location = "?s=users";
		</script>
		<?php
	}
	else
	{
		echo "<p style=\"color: #F00;\">The user <strong>$username</strong> could not be added: $error";
		echo "Use the Back-button of your Web Browser to correct the errors.</p>";
	}
}
/////////////////////////////////////////////////////////////////////// REMOVE
else if ($act == 'remove')
{
	$removeid = addslashes($_GET['id']);
	$user = query_to_hash("SELECT username FROM dcms_users WHERE id=$removeid");
	?>
		<form method="post" action="?s=users&act=confirmremove">
			<p style="color: red;">
				<input type="hidden" name="id" value="<?php echo $removeid; ?>" />
				Are you sure you want to remove the user 
				<strong><?php echo $user['username']; ?></strong>?<br />
				<input type="button" value="Cancel" onclick="window.location='?s=users';" />
				<input type="submit" value="Remove" />
			</p>
		</form>
	<?php
}
/////////////////////////////////////////////////////////////// CONFIRM REMOVE
else if ($act == 'confirmremove')
{
	$removeid = addslashes($_POST['id']);
	mysql_query("DELETE FROM dcms_users WHERE id=$removeid");
	?>
	<script type="text/javascript">
		window.location = "?s=users";
	</script>
	<?php
}
///////////////////////////////////////////////////////////////////////// EDIT
else if ($act == 'edit')
{
	$editid = addslashes($_GET['id']);
	$original = query_to_hash("SELECT username, realname, email, usergroupid FROM dcms_users WHERE id=$editid");
?>
<h3>Edit user '<?php echo $original['username']; ?>'</h3>
<form method="post" action="?s=users&act=confirmedit">
	<input type="hidden" name="editid" value="<?php echo $editid; ?>" />
	<table>
		<tr>
			<td style="width: 128px;">User group: <br /><small>(when you need to create a new group, please <a href="?s=groups&act=add">do that first</a>)</small></td>
			<td style="vertical-align: top;">
				<select size="1" name="newusergroupid">
<?php
	$groupsresult = mysql_query('SELECT id, name, type FROM dcms_usergroups');
	while ($grouprow = mysql_fetch_array($groupsresult))
	{
		$selected = ($grouprow['id'] == $original['usergroupid'] ? ' selected="selected"' : '');
		echo "\t\t\t\t<option value=\"$grouprow[id]\"$selected>$grouprow[name] ($grouprow[type])</option>\n";
	}
?>
				</select>
			</td>
		</tr>
		<tr><td>Username:</td><td><input type="text" size="16" name="newusername" value="<?php echo $original['username']; ?>" /></td></tr>
		<tr><td style="width: 128px;">New password:<br /><small>When you want to leave the password the same, leave these password fields blank.</small></td>
			<td style="vertical-align: top;"><input type="password" size="16" name="newpassword" /></td></tr>
		<tr><td>Confirm new password:</td><td><input type="password" size="16" name="newpassword2" /></td></tr>
		<tr><td>Real name:</td><td><input type="text" size="30" name="newrealname" value="<?php echo $original['realname']; ?>" /></td></tr>
		<tr><td>E-mail address:</td><td><input type="text" name="newemail" value="<?php echo $original['email']; ?>" /></td></tr>
		<tr><td>&nbsp;</td><td>
			<input type="button" value="Cancel" onclick="window.location='?s=users';" />
			<input type="submit" value="Edit" />
		</td>
	</table>
</form>
<?php	
}
///////////////////////////////////////////////////////////////// CONFIRM EDIT
else if ($act == 'confirmedit')
{
	$editid = addslashes($_POST['editid']);
	$usergroupid = addslashes($_POST['newusergroupid']);
	$username = addslashes($_POST['newusername']);
	$editpassword = ($_POST['newpassword'] != '');
	$password = md5($_POST['newpassword']);
	$password2 = md5($_POST['newpassword2']);
	$realname = addslashes($_POST['newrealname']);
	$email = addslashes($_POST['newemail']);
	$error = '';
	if (ereg('[^A-Za-z0-9]', $username)) $error = 'Username must be alpha-numeric.';
	if (strlen($username) > 16) $error = 'Username must be 16 or less characters long.';
	if ($password != $password2) $error = 'The two passwords given are not the same.';
	if ($username == '' || $password == '' || $realname == '' || $email == '') $error = 'Please fill in all the fields.';
	
	$passwordquery = '';
	if ($editpassword)
		$passwordquery = "password='$password',";
	
	$updatesql = 	"UPDATE dcms_users SET username='$username', $passwordquery realname='$realname', email='$email', usergroupid=$usergroupid " .
	 				"WHERE id=$editid";
	if ($error == '')
	{
		if (!mysql_query($updatesql)) $error = 'A database error occurred.';
	}
	if ($error == '')
	{
		echo "<p style=\"color: #090;\">User <strong>$username</strong> successfully edited!</p>";
		?>
		<script type="text/javascript">
			window.location = "?s=users";
		</script>
		<?php
	}
	else
	{
		echo "<p style=\"color: #F00;\">The user <strong>$username</strong> could not be edited: $error";
		echo "Use the Back-button of your Web Browser to correct the errors.</p>";
	}
}
///////////////////////////////////////////////////////////////////////// LIST
if ($act == '') 
{
?>
<p>
	<a href="admin.php">Back to Admin Home</a><br />
	<a href="?s=users&act=add">Add new user</a>
</p>
<h3>Table of Users</h3>
<?php
$users_sql = 	'SELECT dcms_users.id as id, username, realname, email, name as group_name, type as group_level ' .
				'FROM dcms_users, dcms_usergroups ' .
				'WHERE usergroupid = dcms_usergroups.id ' .
				'ORDER BY usergroupid, realname'; 
$result = mysql_query($users_sql);
$usercount = mysql_num_rows($result);
echo "$usercount user" . ($usercount == 1 ? "" : "s") . " found.";
?> 
<table class="thingreytable">
	<tr>
		<th>Username</th>
		<th>Real name</th>
		<th>E-mail</th>
		<th>Group name</th>
		<th>Group security level</th>
		<th>Actions</th>
	</tr>
<?php
while ($row = mysql_fetch_array($result))
{
	?>
	<tr>
		<td><?php echo $row['username']; ?></td>
		<td><?php echo $row['realname']; ?></td>
		<td><?php echo $row['email']; ?></td>
		<td><?php echo $row['group_name']; ?></td>
		<td><?php echo $row['group_level']; ?></td>
		<td>
			<a href="?s=users&act=edit&id=<?php echo $row['id']; ?>">Edit</a> /
			<a href="?s=users&act=remove&id=<?php echo $row['id']; ?>">Remove</a>
		</td>
	</tr>
	<?php
}
} // } else {
?>
</table>
